Caddy doesn’t find my certificate: no such file or directory

Hello all,

1. Caddy version 2

caddy run in background on docker with vaultwarden too.

2. How I run Caddy:

“sudo docker run -d -p 80:80 -p 443:443 --name caddy -v /etc/Caddyfile:/etc/caddy/Caddyfile -v /etc/caddy:/root/.local/share/caddy --restart on-failure caddy:2”

a. System environment:

Ubuntu 20.04.3
Docker version 20.10.15, build fd82621

b. My complete Caddyfile config:

https://vaultwarden.test.fr {
   encode gzip

   tls /etc/ssl/cert.pem /etc/ssl/key.pem

   # The negotiation endpoint is also proxied to Rocket
   reverse_proxy /notifications/hub/negotiate 0.0.0.0:80

   # Notifications redirected to the websockets server
   reverse_proxy /notifications/hub 0.0.0.0:3012

   # Send all other traffic to the regular Vaultwarden endpoint
   reverse_proxy 0.0.0.0:80
}

3. The problem I’m having:

The connection is refused; it seems like Caddy doesn’t find my certificate.

4. Error messages and/or full log output:

run: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: open /etc/ssl/key.pem: no such file or directory
{"level":"info","ts":1652357336.6396017,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1652357336.6406927,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1652357336.6429207,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1652357336.6430886,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004a37a0"}
{"level":"info","ts":1652357336.6431696,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0004a37a0"}

On web browsers (Firefox, Chrome, Edge):
"An error occurred during a connection to https://vaultwarden.test.fr"

curl: (7) Failed to connect to vaultwarden.test.fr port 443: Connection refused

5. What I already tried:

I checked the firewall policy and everything is ok.
I tried many extensions for the cert/key.
I don’t really understand where I’m supposed to put the cert files (the documentation only shows the syntax " tls cert.pem key.pem "), so I tried everywhere: in /home, /etc/ssl, /etc/caddy, /tmp, etc…
I recreated the DNS entry.
I found nothing on Google with error code 0xc0004a37a0 or any other keyword from the log.
I tried to reinstall everything.

6. Links to relevant resources:

I followed this guide:
https://www.linode.com/docs/guides/how-to-self-host-the-vaultwarden-password-manager

Thank you !

Hi :wave:

There is a lot to unpack here, but you might want to check this official guide on how to use vaultwarden with caddy:

Well, to be fair, you don’t have to use docker-compose, but I highly recommend it in your case.

Also, you don’t need to provide your own certificate via tls /etc/ssl/cert.pem /etc/ssl/key.pem, because caddy is able to issue one automatically.
See Automatic HTTPS — Caddy Documentation

You might also want to drop the https:// in your domain name. Caddy will serve on https:// by default.

If you - for whatever reason - absolutely need to use your own certificate, then you will have to make that path available in your docker container too.
The docker container’s file system is not the same as your servers/hosts.
In your originally shared command, you pass -v /etc/Caddyfile:/etc/caddy/Caddyfile, which mounts the file /etc/Caddyfile from your server to /etc/caddy/Caddyfile within your docker container.

So to do the same with your certificate, you would need to do something like -v /etc/ssl:/etc/ssl as additional args to your docker run command.
Or in case of the docker compose file from the guide linked above, add something like:

  volumes:
    - ./Caddyfile:/etc/caddy/Caddyfile:ro
    - ./caddy-config:/config
    - ./caddy-data:/data
+   - /etc/ssl:/etc/ssl

But again, Caddy is able to issue and renew certificates automatically for you!


PS: Your reverse_proxy upstreams (0.0.0.0) in your Caddyfile will not work :eyes:

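The mismatch the reply describes (Caddy opening a path inside the container that no -v mount backs) is easy to check before starting the container. The following POSIX shell checker is an added example, not part of this thread and not Caddy's or Docker's own tooling: it takes the Caddyfile text and the list of host:container mounts from the docker run command, extracts the file paths from two-argument tls directives, and reports which of them no mount covers. The sample Caddyfile and mount list are constructed from the original post; all function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): does every path in a Caddyfile
# "tls <cert> <key>" directive sit under some "-v host:container" mount?
# If not, Caddy inside the container cannot open it, which produces exactly
# the "open /etc/ssl/key.pem: no such file or directory" error.

# Constructed sample inputs modelled on the original post.
CADDYFILE_SAMPLE='https://vaultwarden.test.fr {
   encode gzip
   tls /etc/ssl/cert.pem /etc/ssl/key.pem
   reverse_proxy 0.0.0.0:80
}'

# The -v arguments of the original docker run command, one host:container
# mount per line (the ":ro" style suffix is tolerated).
MOUNTS_SAMPLE='/etc/Caddyfile:/etc/caddy/Caddyfile
/etc/caddy:/root/.local/share/caddy'

# tls_paths <caddyfile-text>
# Print the container paths named by "tls <cert> <key>" lines. Other tls
# forms (tls internal, tls email@...) have a different argument count and
# are ignored on purpose.
tls_paths() {
    printf '%s\n' "$1" | awk '$1 == "tls" && NF == 3 { print $2; print $3 }'
}

# host_path_for <container-path> <mounts>
# Translate a container path to the host path that backs it, using the
# longest matching mount prefix. Prints nothing (and returns 1) when no
# mount covers the path.
host_path_for() {
    cpath=$1
    best_host=""
    best_len=0
    for m in $2; do                      # mounts contain no spaces
        host=${m%%:*}                    # part before the first ':'
        cont=${m#*:}; cont=${cont%%:*}   # container path, options stripped
        case "$cpath" in
            "$cont"|"$cont"/*)
                if [ "${#cont}" -gt "$best_len" ]; then
                    best_len=${#cont}
                    best_host="$host${cpath#"$cont"}"
                fi
                ;;
        esac
    done
    [ -n "$best_host" ] && printf '%s\n' "$best_host"
}

# unbacked_tls_paths <caddyfile-text> <mounts>
# List the tls file paths that no mount makes visible inside the container.
unbacked_tls_paths() {
    for p in $(tls_paths "$1"); do
        host_path_for "$p" "$2" >/dev/null || printf '%s\n' "$p"
    done
}

# With the original mounts both certificate paths are unbacked; adding
# "/etc/ssl:/etc/ssl" to the mount list makes the report empty.
unbacked_tls_paths "$CADDYFILE_SAMPLE" "$MOUNTS_SAMPLE"
```

Run it with the real Caddyfile and the real -v list before docker run; for each path it prints, either add a mount that covers it or, as the reply suggests, drop the tls line and let Caddy obtain the certificate itself. When a path is covered, host_path_for gives the host file to inspect with test -r, which is the next thing to verify.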

Thanks for your reply,

I understand better now, I will try again with docker-compose !

thank you for the link !